
Centralized Access Control and Single Sign On

2025.1

Reviewed: 9/20/2024
Updated: 9/20/2024

Purpose and Scope:

The purpose of this policy is to outline the approach to leveraging single sign-on authentication methods and centrally managing user accounts.

Controls and Procedures

Policy:

  1. IMPLAN leverages both Microsoft Active Directory/Azure Active Directory and Google Workspace as its Identity Providers (IdP) to control user access to systems and business applications.
  2. Single sign-on (SSO) should be used instead of local authentication whenever the option is available and makes security and business sense. This centralized approach improves user experience and simplifies access management, but should not come at exorbitant expense to IMPLAN.
  3. SSO is configured through OpenID Connect (OIDC), where available. When unavailable, SAML is the acceptable second option.
  4. The IT team is responsible for the administration of the IdPs, including user and access provisioning. The IT team may delegate administrative privilege for a subset of the system, such as a specific application.